Merge pull request #83 from runwaylab/pass-through-auth

GrantBirki · web-flow · commit f892711503de · 2025-07-31T10:41:12.000-07:00
Pass through auth
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    issue-db (1.1.0)
+    issue-db (1.2.0)
       faraday-retry (~> 2.2, >= 2.2.1)
       jwt (>= 2.9.3, < 4.0)
       octokit (>= 9.2, < 11.0)
diff --git a/README.md b/README.md
@@ -197,13 +197,14 @@ This section will go into detail around how you can configure the `issue-db` gem
 
 ## Authentication 🔒
 
-The `issue-db` gem uses the [`Octokit.rb`](https://github.com/octokit/octokit.rb) library under the hood for interactions with the GitHub API. You have three options for authentication when using the `issue-db` gem:
+The `issue-db` gem uses the [`Octokit.rb`](https://github.com/octokit/octokit.rb) library under the hood for interactions with the GitHub API. You have four options for authentication when using the `issue-db` gem:
 
 > Note: The order displayed below is also the order of priority that this Gem uses to authenticate.
 
 1. Pass in your own authenticated `Octokit.rb` instance to the `IssueDB.new` method
-2. Use a GitHub App by setting the `ISSUE_DB_GITHUB_APP_ID`, `ISSUE_DB_GITHUB_APP_INSTALLATION_ID`, and `ISSUE_DB_GITHUB_APP_KEY` environment variables
-3. Use a GitHub personal access token by setting the `ISSUE_DB_GITHUB_TOKEN` environment variable
+2. Pass GitHub App authentication parameters directly to the `IssueDB.new` method
+3. Use a GitHub App by setting the `ISSUE_DB_GITHUB_APP_ID`, `ISSUE_DB_GITHUB_APP_INSTALLATION_ID`, and `ISSUE_DB_GITHUB_APP_KEY` environment variables
+4. Use a GitHub personal access token by setting the `ISSUE_DB_GITHUB_TOKEN` environment variable
 
 > Using a GitHub App is the suggested method
 
@@ -218,7 +219,31 @@ require "issue_db"
 db = IssueDB.new("<org>/<repo>") # THAT'S IT! 🎉
 ```
 
-### Using a GitHub App
+### Using GitHub App Parameters Directly
+
+You can now pass GitHub App authentication parameters directly to the `IssueDB.new` method. This is especially useful when you want to manage authentication credentials in your application code or when you have multiple GitHub Apps for different purposes:
+
+```ruby
+require "issue_db"
+
+# Pass GitHub App credentials directly to IssueDB.new
+db = IssueDB.new(
+  "<org>/<repo>",
+  app_id: 12345,                    # Your GitHub App ID
+  installation_id: 56789,          # Your GitHub App Installation ID
+  app_key: "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----",  # Your GitHub App private key
+  app_algo: "RS256"                 # Optional: defaults to RS256
+)
+```
+
+**Parameters:**
+
+- `app_id` (Integer) - Your GitHub App ID (found on the App's settings page)
+- `installation_id` (Integer) - Your GitHub App Installation ID (found in the installation URL: `https://github.com/organizations/<org>/settings/installations/<installation_id>`)
+- `app_key` (String) - Your GitHub App private key (can be the key content as a string or a file path ending in `.pem`)
+- `app_algo` (String, optional) - The algorithm to use for JWT signing (defaults to "RS256")
+
+### Using a GitHub App with Environment Variables
 
 This is the single best way to use the `issue-db` gem because GitHub Apps have increased rate limits, fine-grained permissions, and are more secure than using a personal access token. All you have to do is provide three environment variables and the `issue-db` gem will take care of the rest:
 
diff --git a/lib/issue_db.rb b/lib/issue_db.rb
@@ -30,11 +30,15 @@ class Client
     # :param label: The label to use for issues managed in the datastore by this library
     # :param cache_expiry: The number of seconds to cache issues in memory (default: 60)
     # :param init: Whether or not to initialize the database on object creation (default: true) - idempotent
+    # :param app_id: GitHub App ID (for GitHub App authentication)
+    # :param installation_id: GitHub App Installation ID (for GitHub App authentication)
+    # :param app_key: GitHub App private key (for GitHub App authentication)
+    # :param app_algo: GitHub App algorithm (for GitHub App authentication, defaults to RS256)
     # :return: A new IssueDB::Client object
-    def initialize(repo, log: nil, octokit_client: nil, label: nil, cache_expiry: nil, init: true)
+    def initialize(repo, log: nil, octokit_client: nil, label: nil, cache_expiry: nil, init: true, app_id: nil, installation_id: nil, app_key: nil, app_algo: nil)
       @log = log || RedactingLogger.new($stdout, level: ENV.fetch("LOG_LEVEL", "INFO").upcase)
       @version = VERSION
-      @client = Authentication.login(octokit_client, @log)
+      @client = Authentication.login(octokit_client, @log, app_id:, installation_id:, app_key:, app_algo:)
       @repo = Repository.new(repo)
       @label = label || ENV.fetch("ISSUE_DB_LABEL", "issue-db")
       @cache_expiry = cache_expiry || ENV.fetch("ISSUE_DB_CACHE_EXPIRY", 60).to_i
diff --git a/lib/issue_db/authentication.rb b/lib/issue_db/authentication.rb
@@ -7,22 +7,28 @@ module IssueDB
   class AuthenticationError < StandardError; end
 
   module Authentication
-    def self.login(client = nil, log = nil)
+    def self.login(client = nil, log = nil, app_id: nil, installation_id: nil, app_key: nil, app_algo: nil)
       # if the client is not nil, use the pre-provided client
       unless client.nil?
         log.debug("using pre-provided client") if log
         return client
       end
 
-      # if the client is nil, check for GitHub App env vars first
+      # if GitHub App parameters are provided, use them first
+      if app_id && installation_id && app_key
+        log.debug("using provided github app authentication parameters") if log
+        return IssueDB::Utils::GitHub.new(log:, app_id:, installation_id:, app_key:, app_algo:)
+      end
+
+      # if the client is nil, check for GitHub App env vars
       # first, check if all three of the following env vars are set and have values
       # ISSUE_DB_GITHUB_APP_ID, ISSUE_DB_GITHUB_APP_INSTALLATION_ID, ISSUE_DB_GITHUB_APP_KEY
-      app_id = ENV.fetch("ISSUE_DB_GITHUB_APP_ID", nil)
-      installation_id = ENV.fetch("ISSUE_DB_GITHUB_APP_INSTALLATION_ID", nil)
-      app_key = ENV.fetch("ISSUE_DB_GITHUB_APP_KEY", nil)
-      if app_id && installation_id && app_key
-        log.debug("using github app authentication") if log
-        return IssueDB::Utils::GitHub.new(log:, app_id:, installation_id:, app_key:)
+      env_app_id = ENV.fetch("ISSUE_DB_GITHUB_APP_ID", nil)
+      env_installation_id = ENV.fetch("ISSUE_DB_GITHUB_APP_INSTALLATION_ID", nil)
+      env_app_key = ENV.fetch("ISSUE_DB_GITHUB_APP_KEY", nil)
+      if env_app_id && env_installation_id && env_app_key
+        log.debug("using github app authentication from environment variables") if log
+        return IssueDB::Utils::GitHub.new(log:, app_id: env_app_id, installation_id: env_installation_id, app_key: env_app_key)
       end
 
       # if the client is nil and no GitHub App env vars were found, check for the ISSUE_DB_GITHUB_TOKEN
diff --git a/lib/version.rb b/lib/version.rb
@@ -2,6 +2,6 @@
 
 module IssueDB
   module Version
-    VERSION = "1.1.0"
+    VERSION = "1.2.0"
   end
 end
diff --git a/spec/lib/issue_db/authentication_spec.rb b/spec/lib/issue_db/authentication_spec.rb
@@ -35,6 +35,25 @@
     expect(IssueDB::Authentication.login).to eq(client)
   end
 
+  it "returns a hydrated octokit client from provided GitHub App parameters" do
+    expect(IssueDB::Utils::GitHub).to receive(:new)
+      .with(log: nil, app_id: "123", installation_id: "456", app_key: "-----KEY-----", app_algo: "RS256")
+      .and_return(client)
+    expect(IssueDB::Authentication.login(nil, nil, app_id: "123", installation_id: "456", app_key: "-----KEY-----", app_algo: "RS256")).to eq(client)
+  end
+
+  it "prioritizes provided GitHub App parameters over environment variables" do
+    # Set up environment variables that should be ignored
+    expect(ENV).not_to receive(:fetch).with("ISSUE_DB_GITHUB_APP_ID", nil)
+    expect(ENV).not_to receive(:fetch).with("ISSUE_DB_GITHUB_APP_INSTALLATION_ID", nil)
+    expect(ENV).not_to receive(:fetch).with("ISSUE_DB_GITHUB_APP_KEY", nil)
+
+    expect(IssueDB::Utils::GitHub).to receive(:new)
+      .with(log: nil, app_id: "789", installation_id: "101112", app_key: "-----PROVIDED-KEY-----", app_algo: nil)
+      .and_return(client)
+    expect(IssueDB::Authentication.login(nil, nil, app_id: "789", installation_id: "101112", app_key: "-----PROVIDED-KEY-----")).to eq(client)
+  end
+
   it "raises an authentication error when no auth methods pass for octokit" do
     expect(ENV).to receive(:fetch).with("ISSUE_DB_GITHUB_APP_ID", nil).and_return(nil)
     expect(ENV).to receive(:fetch).with("ISSUE_DB_GITHUB_APP_INSTALLATION_ID", nil).and_return(nil)
diff --git a/spec/lib/issue_db_spec.rb b/spec/lib/issue_db_spec.rb
@@ -25,6 +25,15 @@
     expect(instance).to be_a(IssueDB::Client)
   end
 
+  it "allows module-level instantiation with GitHub App parameters" do
+    expect(IssueDB::Authentication).to receive(:login)
+      .with(nil, log, app_id: "123", installation_id: "456", app_key: "-----KEY-----", app_algo: "RS256")
+      .and_return(client)
+
+    instance = IssueDB.new(REPO, log: log, app_id: "123", installation_id: "456", app_key: "-----KEY-----", app_algo: "RS256")
+    expect(instance).to be_a(IssueDB::Client)
+  end
+
   it "is a valid version string" do
     expect(subject.version).to match(/\A\d+\.\d+\.\d+(\.\w+)?\z/)
   end
